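/**
 * Saves a section from HTTP POST data.
 *
 * Title and name are escaped only after Textile and the URL-character
 * filter have run on them, so what reaches the query is the escaped form
 * of the transformed text rather than a transform of already escaped text.
 * 'default' only stores page and css; any other section is updated by its
 * old_name and its articles follow a rename.
 */
function section_save()
{
    global $txpcfg;

    $in = psa(array('name', 'title', 'page', 'css', 'is_default', 'on_frontpage', 'in_rss', 'searchable', 'old_name'));
    extract(doSlash($in));

    // Work from the raw title and name; both are escaped below, after the
    // transforms, instead of being transformed in escaped form.
    $title = $in['title'];
    $name = $in['name'];

    if (empty($title)) {
        $title = $name;
    }

    // Prevent non url chars on section names
    include_once $txpcfg['txpath'] . '/lib/classTextile.php';
    $textile = new Textile();
    $title = doSlash($textile->TextileThis($title, 1));
    $name = dumbDown($textile->TextileThis($name, 1));
    // Only alphanumerics, '-' and '_' survive, so the name carries no quote
    // or backslash that would need escaping.
    $name = preg_replace("/[^[:alnum:]\\-_]/", "", str_replace(" ", "-", $name));

    if ($name == 'default') {
        safe_update("txp_section", "page='{$page}',css='{$css}'", "name='default'");
    } else {
        if ($is_default) {
            // note this means 'selected by default' not 'default page'
            safe_update("txp_section", "is_default=0", "name!='{$old_name}'");
        }

        safe_update("txp_section", "name = '{$name}',\n\t\t\t\ttitle = '{$title}',\n\t\t\t\tpage = '{$page}',\n\t\t\t\tcss = '{$css}',\n\t\t\t\tis_default = '{$is_default}',\n\t\t\t\ton_frontpage = '{$on_frontpage}',\n\t\t\t\tin_rss = '{$in_rss}',\n\t\t\t\tsearchable = '{$searchable}'", "name = '{$old_name}'");
        safe_update("textpattern", "Section='{$name}'", "Section='{$old_name}'");
    }

    sec_section_list(messenger('section', $name, 'updated'));
}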
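/**
 * Runs the selected import tool and prints its report.
 *
 * The tool name comes from POST and forms part of an include path, so it is
 * checked against the importer names handled by the switch below before
 * anything is included; an unrecognised name yields a message and no
 * include. After the import, per-article comment counts are recomputed
 * from txp_discuss.
 */
function start_import()
{
    global $event, $vars;

    extract(psa($vars));

    $insert_into_section = $Section;
    $insert_with_status = $type;
    $default_comment_invite = $comments_invite;

    // Only these names may be used to build the include path.
    $known_tools = array('mtdb', 'mt', 'b2', 'wp', 'blogger');
    $out = '';

    if (!in_array($import_tool, $known_tools, true)) {
        // Constructed message: no translation key for this case is in view.
        $out = 'Import tool not recognised';
    } else {
        include_once txpath . '/include/import/import_' . $import_tool . '.php';

        // Imports can be slow; extend the existing limit rather than replace it.
        $ini_time = ini_get('max_execution_time');
        @ini_set('max_execution_time', 300 + intval($ini_time));

        switch ($import_tool) {
            case 'mtdb':
                $out = doImportMTDB($importdblogin, $importdb, $importdbpass, $importdbhost, $blog_id, $insert_into_section, $insert_with_status, $default_comment_invite);
                rebuild_tree('root', 1, 'article');
                break;
            case 'mt':
                $file = check_import_file();

                if (!empty($file)) {
                    $out = doImportMT($file, $insert_into_section, $insert_with_status, $comments_invite);
                    // Rebuilding category tree
                    rebuild_tree('root', 1, 'article');
                } else {
                    $out = 'Import file not found';
                }

                break;
            case 'b2':
                $out = doImportB2($importdblogin, $importdb, $importdbpass, $importdbhost, $insert_into_section, $insert_with_status, $default_comment_invite);
                break;
            case 'wp':
                $out = doImportWP($importdblogin, $importdb, $importdbpass, $importdbhost, $wpdbprefix, $insert_into_section, $insert_with_status, $default_comment_invite);
                rebuild_tree('root', 1, 'article');
                break;
            case 'blogger':
                $file = check_import_file();

                if (!empty($file)) {
                    $out = doImportBLOGGER($file, $insert_into_section, $insert_with_status, $comments_invite);
                } else {
                    $out = gTxt('import_file_not_found');
                }

                break;
        }
    }

    $out = tag('max_execution_time = ' . ini_get('max_execution_time'), 'p', ' style="color:red;"') . $out;

    pagetop(gTxt('txp_import'));

    $content = '<div id="' . $event . '_container" class="txp-container txp-list">';
    $content .= startTable('list');
    $content .= tr(tdcs(hed(gTxt('txp_import'), 3), 2));
    $content .= tr(td($out));
    $content .= endTable();
    $content .= '</div>';

    echo $content;

    // Recompute comment counts for articles that have visible comments.
    $rs = safe_rows_start('parentid, count(*) as thecount', 'txp_discuss', 'visible=1 group by parentid');

    if ($rs && mysql_num_rows($rs) > 0) {
        while ($a = nextRow($rs)) {
            safe_update('textpattern', "comments_count=" . $a['thecount'], "ID=" . $a['parentid']);
        }
    }
}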
/**
 * Saves pane visibility.
 *
 * Sends the XML response envelope first, then stores the pane's visibility
 * as a hidden, private pref when the token is valid and the pane name is
 * limited to [a-z0-9_-]; otherwise raises an 'invalid_pane' warning.
 */
public function visible()
{
    extract(psa(array('pane', 'visible', 'origin')));
    send_xml_response();

    $pane_ok = $this->valid_token($pane) && preg_match('/^[a-z0-9_-]+$/i', $pane);

    if (!$pane_ok) {
        trigger_error('invalid_pane', E_USER_WARNING);

        return;
    }

    $is_visible = (int) ($visible === 'true');
    set_pref("pane_{$pane}_visible", $is_visible, $origin, PREF_HIDDEN, 'yesnoradio', 0, PREF_PRIVATE);
}
/**
 * Saves a section from HTTP POST data.
 *
 * Every posted value is slash-escaped before it is interpolated into the
 * queries. When is_default is set, the flag is first cleared on all other
 * sections. Articles referencing old_name are moved to the new name.
 */
function section_save()
{
    $fields = array('name', 'page', 'css', 'is_default', 'on_frontpage', 'in_rss', 'searchable', 'old_name');
    extract(doSlash(psa($fields)));

    if ($is_default) {
        safe_update("txp_section", "is_default=0", "name!='{$old_name}'");
    }

    $set = "name = '{$name}',\n\t\t\tpage = '{$page}',\n\t\t\tcss = '{$css}',\n\t\t\tis_default = '{$is_default}',\n\t\t\ton_frontpage = '{$on_frontpage}',\n\t\t\tin_rss = '{$in_rss}',\n\t\t\tsearchable = '{$searchable}'";
    $where = "name = '{$old_name}'";

    safe_update("txp_section", $set, $where);
    safe_update("textpattern", "Section='{$name}'", "Section='{$old_name}'");

    section_list(messenger('section', $name, 'updated'));
}
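/**
 * Runs the selected import tool and prints its report.
 *
 * The tool name comes from POST and forms part of an include path, so it is
 * checked against the importer names handled by the switch below before
 * anything is included; an unrecognised name yields a message and no
 * include.
 */
function start_import()
{
    global $vars;

    extract(psa($vars));

    $insert_into_section = $Section;
    $insert_with_status = $type;
    $default_comment_invite = $comments_invite;

    // Only these names may be used to build the include path.
    $known_tools = array('mtdb', 'mt', 'b2', 'wp', 'blogger');
    $out = '';

    if (!in_array($import_tool, $known_tools, true)) {
        // Constructed message: no translation key for this case is in view.
        $out = 'Import tool not recognised';
    } else {
        include_once txpath . '/include/import/import_' . $import_tool . '.php';

        // Imports can be slow; extend the existing limit rather than replace it.
        $ini_time = ini_get('max_execution_time');
        @ini_set('max_execution_time', 300 + intval($ini_time));

        switch ($import_tool) {
            case 'mtdb':
                $out = doImportMTDB($importdblogin, $importdb, $importdbpass, $importdbhost, $blog_id, $insert_into_section, $insert_with_status, $default_comment_invite);
                rebuild_tree('root', 1, 'article');
                break;
            case 'mt':
                $file = check_import_file();

                if (!empty($file)) {
                    $out = doImportMT($file, $insert_into_section, $insert_with_status, $comments_invite);
                    // Rebuilding category tree
                    rebuild_tree('root', 1, 'article');
                } else {
                    $out = 'Import file not found';
                }

                break;
            case 'b2':
                $out = doImportB2($importdblogin, $importdb, $importdbpass, $importdbhost, $insert_into_section, $insert_with_status, $default_comment_invite);
                break;
            case 'wp':
                $out = doImportWP($importdblogin, $importdb, $importdbpass, $importdbhost, $wpdbprefix, $insert_into_section, $insert_with_status, $default_comment_invite);
                rebuild_tree('root', 1, 'article');
                break;
            case 'blogger':
                $file = check_import_file();

                if (!empty($file)) {
                    $out = doImportBLOGGER($file, $insert_into_section, $insert_with_status, $comments_invite);
                } else {
                    $out = gTxt('import_file_not_found');
                }

                break;
        }
    }

    $out = tag('max_execution_time = ' . ini_get('max_execution_time'), 'p', ' style="color:red;"') . $out;

    pagetop(gTxt('txp_import'));

    $content = startTable('list');
    $content .= tr(tdcs(hed(gTxt('txp_import'), 3), 2));
    $content .= tr(td($out));
    $content .= endTable();

    echo $content;
}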
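/**
 * Creates a new user from HTTP POST data.
 *
 * Inserts the account when a name was given, then hands the generated
 * password to send_password(). The password is kept unescaped for the
 * e-mail and escaped separately for the query; $rs is initialised so the
 * failure path does not read an undefined variable when no name was posted.
 */
function author_save_new()
{
    extract(doSlash(psa(array('privs', 'name', 'email', 'RealName'))));

    $pw = generate_password(6);
    // mt_rand() for the uniqid() prefix, as the other nonce generation in
    // this file does; md5(uniqid()) is still not a cryptographic source.
    $nonce = md5(uniqid(mt_rand(), true));
    $rs = false;

    if ($name) {
        $safe_pw = doSlash($pw);
        $rs = safe_insert("txp_users", "privs = '{$privs}',\n\t\t\t\t name = '{$name}',\n\t\t\t\t email = '{$email}',\n\t\t\t\t RealName = '{$RealName}',\n\t\t\t\t pass = password(lower('{$safe_pw}')),\n\t\t\t\t nonce = '{$nonce}'");
    }

    if ($rs) {
        send_password($pw, $email);
        admin(gTxt('password_sent_to') . sp . $email);
    } else {
        admin(gTxt('error_adding_new_author'));
    }
}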
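/**
 * Creates a new user from HTTP POST data.
 *
 * Requires admin.edit. Checks the login name (non-empty, at most 64 bytes)
 * and the e-mail address, refuses an existing login, then inserts the
 * account with the hash of the generated password and passes that password
 * to send_password().
 */
function author_save_new()
{
    require_privs('admin.edit');

    extract(doSlash(psa(array('privs', 'name', 'email', 'RealName'))));
    $privs = assert_int($privs);

    // Byte count, not character count, so multibyte names are limited by
    // storage size — presumably the column width; confirm against the schema.
    $length = function_exists('mb_strlen') ? mb_strlen($name, '8bit') : strlen($name);

    if ($name and $length <= 64 and is_valid_email($email)) {
        $exists = safe_field('name', 'txp_users', "name = '" . $name . "'");

        if ($exists) {
            author_list(array(gTxt('author_already_exists', array('{name}' => $name)), E_ERROR));

            return;
        }

        $password = generate_password(PASSWORD_LENGTH);
        $hash = doSlash(txp_hash_password($password));
        $nonce = doSlash(md5(uniqid(mt_rand(), TRUE)));

        // Store the hash computed above; previously a literal placeholder was
        // written to pass and $hash was never used.
        $rs = safe_insert('txp_users', "\n\t\t\t\tprivs = {$privs},\n\t\t\t\tname = '{$name}',\n\t\t\t\temail = '{$email}',\n\t\t\t\tRealName = '{$RealName}',\n\t\t\t\tnonce = '{$nonce}',\n\t\t\t\tpass = '{$hash}'\n\t\t\t");

        if ($rs) {
            send_password($RealName, $name, $email, $password);
            author_list(gTxt('password_sent_to') . sp . $email);

            return;
        }
    }

    author_list(array(gTxt('error_adding_new_author'), E_ERROR));
}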
/**
 * Renders a preview of the comment being posted.
 *
 * Does nothing unless the 'preview' POST flag is set. Builds a comment record
 * from POST (name stripped of tags, email and web run through clean_url,
 * message markup-processed and capped at 65535 bytes), exposes it as
 * $GLOBALS['thiscomment'] while the form is parsed, then sets
 * $has_comments_preview so the comments_form tag skips its own preview.
 *
 * @param  array $atts Tag attributes: form, wraptag, class
 * @return string|null
 */
function comments_preview($atts)
{
    global $has_comments_preview;

    if (!ps('preview')) {
        return;
    }

    $defaults = array('form' => 'comments', 'wraptag' => '', 'class' => __FUNCTION__);
    extract(lAtts($defaults, $atts));
    assert_article();

    $preview = psa(array('name', 'email', 'web', 'message', 'parentid', 'remember'));
    $preview['time'] = time();
    $preview['discussid'] = 0;
    $preview['name'] = strip_tags($preview['name']);
    $preview['email'] = clean_url($preview['email']);

    // Empty here means the message came in under its hashed field name;
    // getComment() knows how to read that.
    if ($preview['message'] == '') {
        $posted = getComment();
        $preview['message'] = $posted['message'];
    }

    // it is called 'message', not 'novel'
    $body = substr(trim($preview['message']), 0, 65535);
    $preview['message'] = markup_comment($body);
    $preview['web'] = clean_url($preview['web']);

    $GLOBALS['thiscomment'] = $preview;
    $rendered = parse_form($form) . n;
    unset($GLOBALS['thiscomment']);

    $out = doTag($rendered, $wraptag, $class);

    // set a flag, to tell the comments_form tag that it doesn't have to show a preview
    $has_comments_preview = true;

    return $out;
}
/**
 * Saves a section from HTTP POST data.
 *
 * The title is run through Textile and the name through sanitizeForUrl and
 * lowercased; the raw values are used for messages and the slash-escaped
 * copies (safe_ prefix) for SQL. A rename may not take an existing name.
 * 'default' only stores page and css; any other section is updated when
 * old_name is present, inserted otherwise, and its articles follow a rename.
 */
function section_save()
{
    global $app_mode;

    $fields = psa(array('name', 'title', 'old_name', 'section_page', 'css'));
    $in = array_map('assert_string', $fields);

    if (empty($in['title'])) {
        $in['title'] = $in['name'];
    }

    // Prevent non url chars on section names
    include_once txpath . '/lib/classTextile.php';
    $textile = new Textile();
    $in['title'] = $textile->TextileThis($in['title'], 1);
    $in['name'] = strtolower(sanitizeForUrl($in['name']));

    extract($in);
    $in = doSlash($in);
    extract($in, EXTR_PREFIX_ALL, 'safe');

    $renamed = ($name != strtolower($old_name));

    if ($renamed && safe_field('name', 'txp_section', "name='{$safe_name}'")) {
        // Invalid input. Halt all further processing (e.g. plugin event handlers).
        $message = array(gTxt('section_name_already_exists', array('{name}' => $name)), E_ERROR);
        // modal_halt($message);
        sec_section_list($message);

        return;
    }

    $ok = false;

    if ($name == 'default') {
        $ok = safe_update('txp_section', "page = '{$safe_section_page}', css = '{$safe_css}'", "name = 'default'");
    } elseif ($name) {
        extract(array_map('assert_int', psa(array('on_frontpage', 'in_rss', 'searchable'))));

        $columns = "\n\t\t\t\t\tname = '{$safe_name}',\n\t\t\t\t\ttitle = '{$safe_title}',\n\t\t\t\t\tpage = '{$safe_section_page}',\n\t\t\t\t\tcss = '{$safe_css}',\n\t\t\t\t\ton_frontpage = {$on_frontpage},\n\t\t\t\t\tin_rss = {$in_rss},\n\t\t\t\t\tsearchable = {$searchable}";

        if ($safe_old_name) {
            $ok = safe_update('txp_section', $columns . "\n\t\t\t\t\t", "name = '{$safe_old_name}'");

            // Manually maintain referential integrity
            if ($ok) {
                $ok = safe_update('textpattern', "Section = '{$safe_name}'", "Section = '{$safe_old_name}'");
            }
        } else {
            $ok = safe_insert('txp_section', $columns);
        }
    }

    if (!$ok) {
        sec_section_list(array(gTxt('section_save_failed'), E_ERROR));

        return;
    }

    update_lastmod();
    $key = $safe_old_name ? 'section_updated' : 'section_created';
    sec_section_list(gTxt($key, array('{name}' => $name)));
}
/**
 * Saves or clones a page template.
 *
 * Reads savenew/html/copy (slash-escaped) and name/newname (sanitized for
 * use as a page name) from POST. Rejects an empty new name and a new name
 * that already belongs to another page; otherwise inserts (savenew/copy) or
 * updates the template, repointing sections that used the old name on
 * update. On failure $_POST['save_error'] is set for the edit screen; on
 * success the 'page_saved' callback fires.
 */
function page_save()
{
    extract(doSlash(array_map('assert_string', psa(array('savenew', 'html', 'copy')))));
    $name = sanitizeForPage(assert_string(ps('name')));
    $newname = sanitizeForPage(assert_string(ps('newname')));
    $save_error = false;
    $message = '';

    if (!$newname) {
        $message = array(gTxt('page_name_invalid'), E_ERROR);
        $save_error = true;
    } else {
        // Copying a page onto itself: derive a distinct name.
        if ($copy && $name === $newname) {
            $newname .= '_copy';
            $_POST['newname'] = $newname;
        }

        $exists = safe_field("name", 'txp_page', "name = '" . doSlash($newname) . "'");

        if ($newname !== $name && $exists !== false) {
            $message = array(gTxt('page_already_exists', array('{name}' => $newname)), E_ERROR);

            if ($savenew) {
                $_POST['newname'] = '';
            }

            $save_error = true;
        } else {
            if ($savenew or $copy) {
                // Always true here: the outer branch already rejected an empty name.
                if ($newname) {
                    if (safe_insert('txp_page', "name = '" . doSlash($newname) . "', user_html = '{$html}'")) {
                        update_lastmod('page_created', compact('newname', 'name', 'html'));
                        $message = gTxt('page_created', array('{name}' => $newname));
                    } else {
                        $message = array(gTxt('page_save_failed'), E_ERROR);
                        $save_error = true;
                    }
                } else {
                    $message = array(gTxt('page_name_invalid'), E_ERROR);
                    $save_error = true;
                }
            } else {
                if (safe_update('txp_page', "user_html = '{$html}', name = '" . doSlash($newname) . "'", "name = '" . doSlash($name) . "'")) {
                    // Keep sections pointing at the (possibly renamed) page.
                    safe_update('txp_section', "page = '" . doSlash($newname) . "'", "page = '" . doSlash($name) . "'");
                    update_lastmod('page_saved', compact('newname', 'name', 'html'));
                    $message = gTxt('page_updated', array('{name}' => $name));
                } else {
                    $message = array(gTxt('page_save_failed'), E_ERROR);
                    $save_error = true;
                }
            }
        }
    }

    if ($save_error === true) {
        $_POST['save_error'] = '1';
    } else {
        callback_event('page_saved', '', 0, $name, $newname);
    }

    page_edit($message);
}
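/**
 * Collects the submitted comment fields from HTTP POST data.
 *
 * Comment spam filter plugins call this to fetch comment contents. The nonce
 * is recovered from a POST key/value pair that concatenates to a 32-digit
 * hex string; the matching txp_discuss_nonce row supplies the secret, and
 * the message is then read from the field named md5('message' . secret).
 *
 * @return array parentid, name, email, web, message, backpage, remember,
 *               nonce, secret — nonce and secret are '' when no row matched
 */
function getComment()
{
    $c = psa(array('parentid', 'name', 'email', 'web', 'message', 'backpage', 'remember'));
    $n = array();

    foreach (stripPost() as $k => $v) {
        if (preg_match('#^[A-Fa-f0-9]{32}$#', $k . $v)) {
            $n[] = doSlash($k . $v);
        }
    }

    $c['nonce'] = '';
    $c['secret'] = '';

    if (!empty($n)) {
        $rs = safe_row('nonce, secret', 'txp_discuss_nonce', "nonce in ('" . join("','", $n) . "')");

        // An unknown nonce leaves no row to read; keep the '' defaults
        // instead of indexing an empty/false result.
        if (isset($rs['nonce'], $rs['secret'])) {
            $c['nonce'] = $rs['nonce'];
            $c['secret'] = $rs['secret'];
        }
    }

    $c['message'] = ps(md5('message' . $c['secret']));

    return $c;
}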
/**
 * Saves a category from HTTP POST data.
 *
 * The name is URL-sanitized; an empty result, or a name already used by a
 * different category of the same type, returns to the edit screen with an
 * error. On success the category row and its children's parent link are
 * updated, followed by the references in textpattern (article type) or in
 * $table_name.
 *
 * @param string $event      Type of category
 * @param string $table_name Affected database table
 */
function cat_event_category_save($event, $table_name)
{
    $posted = psa(array('id', 'name', 'description', 'old_name', 'parent', 'title'));
    extract(doSlash(array_map('assert_string', $posted)));

    $id = assert_int($id);
    $rawname = $name;
    $name = sanitizeForUrl($rawname);

    // Make sure the name is valid.
    if (!$name) {
        $error = array(gTxt($event . '_category_invalid', array('{name}' => $rawname)), E_ERROR);

        return cat_event_category_edit($event, $error);
    }

    // Don't allow rename to clobber an existing category.
    $existing_id = safe_field("id", 'txp_category', "name = '{$name}' AND type = '{$event}'");

    if ($existing_id and $existing_id != $id) {
        $error = array(gTxt($event . '_category_already_exists', array('{name}' => $name)), E_ERROR);

        return cat_event_category_edit($event, $error);
    }

    // TODO: validate parent?
    if (!$parent) {
        $parent = 'root';
    }

    $message = array(gTxt('category_save_failed'), E_ERROR);

    $saved = safe_update('txp_category', "name = '{$name}', parent = '{$parent}', title = '{$title}', description = '{$description}'", "id = {$id}")
        && safe_update('txp_category', "parent = '{$name}'", "parent = '{$old_name}' AND type = '{$event}'");

    if ($saved) {
        rebuild_tree_full($event);

        if ($event == 'article') {
            $relinked = safe_update('textpattern', "Category1 = '{$name}'", "Category1 = '{$old_name}'")
                && safe_update('textpattern', "Category2 = '{$name}'", "Category2 = '{$old_name}'");
        } else {
            $relinked = safe_update($table_name, "category = '{$name}'", "category = '{$old_name}'");
        }

        if ($relinked) {
            $message = gTxt($event . '_category_updated', array('{name}' => doStrip($name)));
        }
    }

    cat_category_list($message);
}
/**
 * Processes multi-edit actions.
 *
 * Reads the selected article IDs and the edit method from POST. Deletion is
 * handled first (limited to the user's own articles without article.delete);
 * every other method resolves a field/value pair, filters the selection down
 * to articles the current user may edit, then either duplicates the rows or
 * applies the single-field update.
 */
function list_multi_edit()
{
    global $txp_user, $statuses, $all_cats, $all_authors, $all_sections;

    extract(psa(array('selected', 'edit_method')));

    if (!$selected || !is_array($selected)) {
        return list_list();
    }

    $selected = array_map('assert_int', $selected);

    // Empty entry to permit clearing the categories.
    $categories = array('');

    foreach ($all_cats as $row) {
        $categories[] = $row['name'];
    }

    $allowed = array();
    $field = $value = '';

    switch ($edit_method) {
        // Delete.
        case 'delete':
            if (!has_privs('article.delete')) {
                if (has_privs('article.delete.own')) {
                    $allowed = safe_column_num("ID", 'textpattern', "ID IN (" . join(',', $selected) . ") AND AuthorID = '" . doSlash($txp_user) . "'");
                }

                $selected = $allowed;
            }

            if ($selected && safe_delete('textpattern', "ID IN (" . join(',', $selected) . ")")) {
                // Comments of deleted articles are set to MODERATE, not removed.
                safe_update('txp_discuss', "visible = " . MODERATE, "parentid IN (" . join(',', $selected) . ")");
                callback_event('articles_deleted', '', 0, $selected);
                callback_event('multi_edited.articles', 'delete', 0, compact('selected', 'field', 'value'));
                update_lastmod('articles_deleted', $selected);
                now('posted', true);
                now('expires', true);

                return list_list(messenger('article', join(', ', $selected), 'deleted'));
            }

            return list_list();
            break;
        // Change author.
        case 'changeauthor':
            $value = ps('AuthorID');

            if (has_privs('article.edit') && in_array($value, $all_authors, true)) {
                $field = 'AuthorID';
            }

            break;
        // Change category1.
        case 'changecategory1':
            $value = ps('Category1');

            if (in_array($value, $categories, true)) {
                $field = 'Category1';
            }

            break;
        // Change category2.
        case 'changecategory2':
            $value = ps('Category2');

            if (in_array($value, $categories, true)) {
                $field = 'Category2';
            }

            break;
        // Change comment status.
        case 'changecomments':
            $field = 'Annotate';
            $value = (int) ps('Annotate');
            break;
        // Change section.
        case 'changesection':
            $value = ps('Section');

            if (in_array($value, $all_sections, true)) {
                $field = 'Section';
            }

            break;
        // Change status.
        case 'changestatus':
            $value = (int) ps('Status');

            if (array_key_exists($value, $statuses)) {
                $field = 'Status';
            }

            // Without article.publish a live-or-above status becomes pending.
            if (!has_privs('article.publish') && $value >= STATUS_LIVE) {
                $value = STATUS_PENDING;
            }

            break;
    }

    // Re-read the selection so the edit privileges can be checked per article.
    $selected = safe_rows("ID, AuthorID, Status", 'textpattern', "ID IN (" . join(',', $selected) . ")");

    foreach ($selected as $item) {
        if ($item['Status'] >= STATUS_LIVE && has_privs('article.edit.published') || $item['Status'] >= STATUS_LIVE && $item['AuthorID'] === $txp_user && has_privs('article.edit.own.published') || $item['Status'] < STATUS_LIVE && has_privs('article.edit') || $item['Status'] < STATUS_LIVE && $item['AuthorID'] === $txp_user && has_privs('article.edit.own')) {
            $allowed[] = $item['ID'];
        }
    }

    $selected = $allowed;

    if ($selected) {
        $message = messenger('article', join(', ', $selected), 'modified');

        if ($edit_method === 'duplicate') {
            $rs = safe_rows_start("*", 'textpattern', "ID IN (" . join(',', $selected) . ")");

            if ($rs) {
                while ($a = nextRow($rs)) {
                    unset($a['ID'], $a['LastMod'], $a['LastModID'], $a['Expires']);
                    $a['uid'] = md5(uniqid(rand(), true));
                    $a['AuthorID'] = $txp_user;

                    // NOTE(review): $value stays bound by reference to the last
                    // element of $a after this loop (no unset($value)); the same
                    // $value is later passed to compact('selected', 'field', 'value').
                    foreach ($a as $name => &$value) {
                        $value = "`{$name}` = '" . doSlash($value) . "'";
                    }

                    if ($id = (int) safe_insert('textpattern', join(',', $a))) {
                        // Make the copy distinguishable and give it a fresh timestamp.
                        safe_update('textpattern', "Title = CONCAT(Title, ' (', {$id}, ')'),\n url_title = CONCAT(url_title, '-', {$id}),\n Posted = NOW(),\n feed_time = NOW()", "ID = {$id}");
                    }
                }
            }

            $message = gTxt('duplicated_articles', array('{id}' => join(', ', $selected)));
        } elseif (!$field || safe_update('textpattern', "{$field} = '" . doSlash($value) . "'", "ID IN (" . join(',', $selected) . ")") === false) {
            return list_list();
        }

        update_lastmod('articles_updated', compact('selected', 'field', 'value'));
        now('posted', true);
        now('expires', true);
        callback_event('multi_edited.articles', $edit_method, 0, compact('selected', 'field', 'value'));

        return list_list($message);
    }

    return list_list();
}
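/**
 * Saves the active language.
 *
 * Accepts the language only when it is present in txp_lang; then switches
 * the process locale, stores the locale and language prefs, reloads the
 * string table and re-lists languages with a confirmation. Otherwise the
 * list is shown with a 'language_not_installed' error.
 */
function save_language()
{
    // $prefs is declared global so the locale written below reaches the
    // shared prefs array rather than a function-local copy.
    global $textarray, $locale, $prefs;

    extract(psa(array('language')));

    if (safe_field("lang", 'txp_lang', "lang = '" . doSlash($language) . "' LIMIT 1")) {
        $locale = $prefs['locale'] = Txp::get('\\Textpattern\\L10n\\Locale')->getLanguageLocale($language);
        Txp::get('\\Textpattern\\L10n\\Locale')->setLocale(LC_ALL, $language);
        set_pref('locale', $locale);
        set_pref('language', $language);
        $textarray = load_lang($language);
        list_languages(gTxt('preferences_saved'));

        return;
    }

    list_languages(array(gTxt('language_not_installed', array('{name}' => $language)), E_ERROR));
}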
/**
 * Creates the initial database content and the first user during setup.
 *
 * Validates the posted name, password and e-mail (each failure prints the
 * setup error panel and exits), loads the DB settings from $txpcfg (or
 * config.php), runs setup/txpsql.php, inserts user row 1, stores the site
 * URL, language and locale prefs, rewrites 'siteurl' in article 1, and
 * records the chosen admin theme.
 */
function createTxp()
{
    $GLOBALS['textarray'] = setup_load_lang(ps('lang'));

    if (ps('name') == '') {
        echo n . '<div id="setup_container" class="txp-container">' . txp_setup_progress_meter(3) . n . '<div class="txp-setup">' . n . graf('<span class="error">' . setup_gTxt('name_required') . '</span>') . n . setup_back_button() . n . '</div>' . n . '</div>';
        exit;
    }

    if (!ps('pass')) {
        echo n . '<div id="setup_container" class="txp-container">' . txp_setup_progress_meter(3) . n . '<div class="txp-setup">' . n . graf('<span class="error">' . setup_gTxt('pass_required') . '</span>') . n . setup_back_button() . n . '</div>' . n . '</div>';
        exit;
    }

    if (!is_valid_email(ps('email'))) {
        echo n . '<div id="setup_container" class="txp-container">' . txp_setup_progress_meter(3) . n . '<div class="txp-setup">' . n . graf('<span class="error">' . setup_gTxt('email_required') . '</span>') . n . setup_back_button() . n . '</div>' . n . '</div>';
        exit;
    }

    global $txpcfg;

    if (!isset($txpcfg['db'])) {
        require txpath . '/config.php';
    }

    $ddb = $txpcfg['db'];
    $duser = $txpcfg['user'];
    $dpass = $txpcfg['pass'];
    $dhost = $txpcfg['host'];
    $dclient_flags = isset($txpcfg['client_flags']) ? $txpcfg['client_flags'] : 0;
    $dprefix = $txpcfg['table_prefix'];
    $dbcharset = $txpcfg['dbcharset'];

    // Only a leading "http://" is removed; anything else is stored as given.
    $siteurl = str_replace("http://", '', ps('siteurl'));
    $siteurl = rtrim($siteurl, "/");
    // Everything from the first '/' on (the path part), used to patch article 1.
    $urlpath = preg_replace('#^[^/]+#', '', $siteurl);

    define("PFX", trim($dprefix));
    define('TXP_INSTALL', 1);

    include_once txpath . '/lib/txplib_update.php';
    include txpath . '/setup/txpsql.php';

    // This has to come after txpsql.php, because otherwise we can't call mysql_real_escape_string
    extract(doSlash(psa(array('name', 'pass', 'RealName', 'email', 'theme'))));

    // NOTE(review): rand()-seeded uniqid() is not a cryptographic source for the nonce.
    $nonce = md5(uniqid(rand(), true));
    // NOTE(review): $pass has already been slash-escaped by the extract above,
    // so the hash covers the escaped string; a password containing ' " or \
    // would then differ from what the login path hashes — confirm against it.
    $hash = doSlash(txp_hash_password($pass));

    mysql_query("INSERT INTO `" . PFX . "txp_users` VALUES\n\t\t\t(1,'{$name}','{$hash}','{$RealName}','{$email}',1,now(),'{$nonce}')");
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . doSlash($siteurl) . "' where `name`='siteurl'");
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . LANG . "' where `name`='language'");
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . getlocale(LANG) . "' where `name`='locale'");
    mysql_query("update `" . PFX . "textpattern` set Body = replace(Body, 'siteurl', '" . doSlash($urlpath) . "'), Body_html = replace(Body_html, 'siteurl', '" . doSlash($urlpath) . "') WHERE ID = 1");

    // cf. update/_to_4.2.0.php.
    // TODO: Position might need altering when prefs panel layout is altered
    $theme = $theme ? $theme : 'classic';
    mysql_query("insert `" . PFX . "txp_prefs` set prefs_id = 1, name = 'theme_name', val = '" . doSlash($theme) . "', type = '1', event = 'admin', html = 'themename', position = '160'");

    echo fbCreate();
}
/**
 * Creates a new user.
 *
 * Requires admin.edit. The login name and e-mail are validated and an
 * existing login is refused; otherwise a generated password is stored via
 * create_user() and handed to send_password(). Any failure reports
 * 'error_adding_new_author'.
 */
function author_save_new()
{
    require_privs('admin.edit');

    extract(psa(array('privs', 'name', 'email', 'RealName')));
    $privs = assert_int($privs);

    $valid = is_valid_username($name) && is_valid_email($email);

    if ($valid && user_exists($name)) {
        author_list(array(gTxt('author_already_exists', array('{name}' => $name)), E_ERROR));

        return;
    }

    if ($valid) {
        $password = generate_password(PASSWORD_LENGTH);

        if (create_user($name, $email, $password, $RealName, $privs)) {
            send_password($RealName, $name, $email, $password);
            author_list(gTxt('password_sent_to') . sp . $email);

            return;
        }
    }

    author_list(array(gTxt('error_adding_new_author'), E_ERROR));
}
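/**
 * Creates a new user from HTTP POST data.
 *
 * Requires admin.edit. When a name was given and the e-mail is valid, the
 * account is inserted with a generated password. The password handed to
 * send_password() is the unescaped one; only the copy interpolated into the
 * query is slash-escaped, so the mailed value is the one that was stored.
 */
function author_save_new()
{
    require_privs('admin.edit');

    extract(doSlash(psa(array('privs', 'name', 'email', 'RealName'))));
    $privs = assert_int($privs);

    if ($name && is_valid_email($email)) {
        $password = generate_password(6);
        // Escaped copy for SQL only; $password stays as generated.
        $safe_password = doSlash($password);
        $nonce = doSlash(md5(uniqid(mt_rand(), TRUE)));

        $rs = safe_insert('txp_users', "\n\t\t\t\tprivs = {$privs},\n\t\t\t\tname = '{$name}',\n\t\t\t\temail = '{$email}',\n\t\t\t\tRealName = '{$RealName}',\n\t\t\t\tnonce = '{$nonce}',\n\t\t\t\tpass = password(lower('{$safe_password}'))\n\t\t\t");

        if ($rs) {
            send_password($RealName, $name, $email, $password);
            admin(gTxt('password_sent_to') . sp . $email);

            return;
        }
    }

    admin(gTxt('error_adding_new_author'));
}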
/**
 * Saves a section from HTTP POST data.
 *
 * page, css and old_name are slash-escaped on read; name and title are
 * escaped only after sanitizeForUrl / Textile have run on them. A rename to
 * an existing name is refused. The 'default' section only stores page and
 * css; other sections get every field and their articles follow a rename.
 * update_lastmod() runs on each successful path.
 */
function section_save()
{
    global $txpcfg;

    extract(doSlash(psa(array('page', 'css', 'old_name'))));
    extract(psa(array('name', 'title')));

    if (empty($title)) {
        $title = $name;
    }

    // Prevent non url chars on section names
    include_once txpath . '/lib/classTextile.php';
    $textile = new Textile();
    $title = doSlash($textile->TextileThis($title, 1));
    $name = doSlash(sanitizeForUrl($name));

    $is_rename = $old_name && strtolower($name) != strtolower($old_name);

    if ($is_rename && safe_field('name', 'txp_section', "name='{$name}'")) {
        sec_section_list(gTxt('section_name_already_exists', array('{name}' => $name)));

        return;
    }

    if ($name == 'default') {
        safe_update('txp_section', "page = '{$page}', css = '{$css}'", "name = 'default'");
    } else {
        $flags = psa(array('is_default', 'on_frontpage', 'in_rss', 'searchable'));
        extract(array_map('assert_int', $flags));

        // note this means 'selected by default' not 'default page'
        if ($is_default) {
            safe_update("txp_section", "is_default = 0", "name != '{$old_name}'");
        }

        safe_update('txp_section', "\n\t\t\t\tname = '{$name}',\n\t\t\t\ttitle = '{$title}',\n\t\t\t\tpage = '{$page}',\n\t\t\t\tcss = '{$css}',\n\t\t\t\tis_default = {$is_default},\n\t\t\t\ton_frontpage = {$on_frontpage},\n\t\t\t\tin_rss = {$in_rss},\n\t\t\t\tsearchable = {$searchable}\n\t\t\t", "name = '{$old_name}'");
        safe_update('textpattern', "Section = '{$name}'", "Section = '{$old_name}'");
    }

    update_lastmod();
    sec_section_list(gTxt('section_updated', array('{name}' => $name)));
}
/**
 * Saves a form template.
 *
 * Reads savenew/Form/type/copy (slash-escaped) and name/newname (sanitized)
 * from POST. Essential forms keep their name and stored type. Rejects an
 * empty name, an unknown type and a new name owned by another form;
 * otherwise inserts (savenew/copy) or updates the form. On failure
 * $_POST['save_error'] is set; on success the 'form_saved' callback fires.
 */
function form_save()
{
    global $essential_forms, $form_types;

    extract(doSlash(array_map('assert_string', psa(array('savenew', 'Form', 'type', 'copy')))));
    $name = sanitizeForPage(assert_string(ps('name')));
    $newname = sanitizeForPage(assert_string(ps('newname')));
    $save_error = false;
    $message = '';

    // Essential forms can be neither renamed nor retyped (loose in_array match).
    if (in_array($name, $essential_forms)) {
        $newname = $name;
        $type = fetch('type', 'txp_form', 'name', $newname);
        $_POST['newname'] = $newname;
    }

    if (!$newname) {
        $message = array(gTxt('form_name_invalid'), E_ERROR);
        $save_error = true;
    } else {
        if (!isset($form_types[$type])) {
            $message = array(gTxt('form_type_missing'), E_ERROR);
            $save_error = true;
        } else {
            // Copying a form onto itself: derive a distinct name.
            if ($copy && $name === $newname) {
                $newname .= '_copy';
                $_POST['newname'] = $newname;
            }

            $exists = safe_field('name', 'txp_form', "name = '" . doSlash($newname) . "'");

            if ($newname !== $name && $exists !== false) {
                $message = array(gTxt('form_already_exists', array('{name}' => $newname)), E_ERROR);

                if ($savenew) {
                    $_POST['newname'] = '';
                }

                $save_error = true;
            } else {
                if ($savenew or $copy) {
                    // Always true here: the outer branch already rejected an empty name.
                    if ($newname) {
                        if (safe_insert('txp_form', "Form = '{$Form}',\n type = '{$type}',\n name = '" . doSlash($newname) . "'")) {
                            update_lastmod();
                            $message = gTxt('form_created', array('{name}' => $newname));
                        } else {
                            $message = array(gTxt('form_save_failed'), E_ERROR);
                            $save_error = true;
                        }
                    } else {
                        $message = array(gTxt('form_name_invalid'), E_ERROR);
                        $save_error = true;
                    }
                } else {
                    if (safe_update('txp_form', "Form = '{$Form}',\n type = '{$type}',\n name = '" . doSlash($newname) . "'", "name = '" . doSlash($name) . "'")) {
                        update_lastmod();
                        $message = gTxt('form_updated', array('{name}' => $name));
                    } else {
                        $message = array(gTxt('form_save_failed'), E_ERROR);
                        $save_error = true;
                    }
                }
            }
        }
    }

    if ($save_error === true) {
        $_POST['save_error'] = '1';
    } else {
        callback_event('form_saved', '', 0, $name, $newname);
    }

    form_edit($message);
}
/**
 * Creates a new user.
 *
 * Requires admin.edit. The login name and e-mail are validated and an
 * existing login is refused; otherwise a random password of PASSWORD_LENGTH
 * is stored via create_user() and the activation message from
 * send_account_activation() is shown. Failures return to the edit screen
 * with 'error_adding_new_author'.
 */
function author_save_new()
{
    require_privs('admin.edit');

    extract(psa(array('privs', 'name', 'email', 'RealName')));
    $privs = assert_int($privs);

    $valid = is_valid_username($name) && is_valid_email($email);

    if ($valid && user_exists($name)) {
        author_edit(array(gTxt('author_already_exists', array('{name}' => $name)), E_ERROR));

        return;
    }

    if ($valid) {
        $password = Txp::get('\\Textpattern\\Password\\Random')->generate(PASSWORD_LENGTH);

        if (create_user($name, $email, $password, $RealName, $privs)) {
            author_list(send_account_activation($name));

            return;
        }
    }

    author_edit(array(gTxt('error_adding_new_author'), E_ERROR));
}
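/**
 * Saves an article from HTTP POST data.
 *
 * Renders body/title/excerpt according to the use_textile pref and the
 * article's textile flags, demotes status 4 to 3 for users with privs 5,
 * computes the Posted timestamp, updates the row, and on a transition to
 * status 4 fires the configured pings and bumps the 'lastmod' pref.
 *
 * The privs check runs after the POST values are extracted: before that
 * point $Status has no value, so the demotion could never take effect and
 * the extract would have overwritten it anyway.
 */
function article_save()
{
    global $txp_user, $vars, $txpcfg, $txpac;

    extract(get_prefs());
    extract($txpac);

    $incoming = psa($vars);
    $oldstatus = fetch('Status', 'textpattern', 'ID', $incoming['ID']);

    include_once $txpcfg['txpath'] . '/lib/classTextile.php';
    $textile = new Textile();

    // use_textile: 0 = store as typed, 1 = line breaks only, 2 = Textile
    // (only when the article's textile_body flag is set).
    if ($use_textile == 0 or !$incoming['textile_body']) {
        $incoming['Body_html'] = trim($incoming['Body']);
    } elseif ($use_textile == 1) {
        $incoming['Body_html'] = nl2br(trim($incoming['Body']));
    } elseif ($use_textile == 2 && $incoming['textile_body']) {
        $incoming['Body_html'] = $textile->TextileThis($incoming['Body']);
        $incoming['Title'] = $textile->TextileThis($incoming['Title'], '', 1);
    }

    if ($incoming['textile_excerpt']) {
        $incoming['Excerpt'] = $textile->TextileThis($incoming['Excerpt'], 1);
    }

    extract(doSlash($incoming));

    // Status 4 (the value that triggers pings below) is demoted to 3 for
    // privs-5 users; this must see the posted $Status, hence after extract.
    $myprivs = fetch('privs', 'txp_users', 'name', $txp_user);

    if ($myprivs == 5 && $Status == 4) {
        $Status = 3;
    }

    if ($reset_time) {
        $whenposted = "Posted=now()";
    } else {
        // The posted date/time is adjusted by the timeoffset pref.
        $when = strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ":00") - $timeoffset;
        $when = "from_unixtime({$when})";
        $whenposted = "Posted={$when}";
    }

    $textile_body = !$textile_body ? 0 : 1;
    $textile_excerpt = !$textile_excerpt ? 0 : 1;

    safe_update("textpattern", "Title = '{$Title}',\n\t\t\tBody = '{$Body}',\n\t\t\tBody_html = '{$Body_html}',\n\t\t\tExcerpt = '{$Excerpt}',\n\t\t\tKeywords = '{$Keywords}',\n\t\t\tImage = '{$Image}',\n\t\t\tStatus = '{$Status}',\n\t\t\tLastMod = now(),\n\t\t\tLastModID = '{$txp_user}',\n\t\t\tSection = '{$Section}',\n\t\t\tCategory1 = '{$Category1}',\n\t\t\tCategory2 = '{$Category2}',\n\t\t\tAnnotate = '{$Annotate}',\n\t\t\ttextile_body = {$textile_body},\n\t\t\ttextile_excerpt = {$textile_excerpt},\n\t\t\toverride_form = '{$override_form}',\n\t\t\turl_title = '{$url_title}',\n\t\t\tAnnotateInvite = '{$AnnotateInvite}',\n\t\t\tcustom_1 = '{$custom_1}',\n\t\t\tcustom_2 = '{$custom_2}',\n\t\t\tcustom_3 = '{$custom_3}',\n\t\t\tcustom_4 = '{$custom_4}',\n\t\t\tcustom_5 = '{$custom_5}',\n\t\t\tcustom_6 = '{$custom_6}',\n\t\t\tcustom_7 = '{$custom_7}',\n\t\t\tcustom_8 = '{$custom_8}',\n\t\t\tcustom_9 = '{$custom_9}',\n\t\t\tcustom_10 = '{$custom_10}',\n\t\t\t{$whenposted}", "ID='{$ID}'");

    // Defined for every status so article_edit() never gets an unset value.
    $message = '';

    if ($Status == 4) {
        if ($oldstatus < 4) {
            include_once $txpcfg['txpath'] . '/lib/IXRClass.php';

            if ($ping_textpattern_com) {
                $tx_client = new IXR_Client('http://textpattern.com/xmlrpc/');
                $tx_client->query('ping.Textpattern', $sitename, $siteurl);
            }

            if ($ping_weblogsdotcom == 1) {
                $wl_client = new IXR_Client('http://rpc.weblogs.com/RPC2');
                $wl_client->query('weblogUpdates.ping', $sitename, 'http://' . $siteurl);
            }
        }

        safe_update("txp_prefs", "val = now()", "`name` = 'lastmod'");
        $message = gTxt("article_saved");
    } elseif ($Status == 3) {
        $message = gTxt("article_saved_pending");
    } elseif ($Status == 2) {
        $message = gTxt("article_saved_hidden");
    } elseif ($Status == 1) {
        $message = gTxt("article_saved_draft");
    }

    article_edit($message);
}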
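/**
 * Saves a category from HTTP POST data.
 *
 * The name is URL-sanitized; an empty result (reported with the submitted
 * value) or a name already used by another category of the same type
 * returns to the list with an error. Otherwise the row is updated, its
 * children re-parented within the same type, the tree rebuilt, and the
 * references in textpattern (article type) or $table_name renamed.
 *
 * @param string $event      Type of category
 * @param string $table_name Affected database table
 */
function cat_event_category_save($event, $table_name)
{
    global $txpcfg;

    extract(doSlash(psa(array('id', 'name', 'old_name', 'parent', 'title'))));
    $id = assert_int($id);
    $rawname = $name;
    $name = sanitizeForUrl($rawname);

    // make sure the name is valid; report the submitted value, since the
    // sanitized one is empty at this point
    if (!$name) {
        $message = array(gTxt($event . '_category_invalid', array('{name}' => $rawname)), E_ERROR);

        return cat_category_list($message);
    }

    // don't allow rename to clobber an existing category
    $existing_id = safe_field('id', 'txp_category', "name = '{$name}' and type = '{$event}'");

    if ($existing_id and $existing_id != $id) {
        $message = array(gTxt($event . '_category_already_exists', array('{name}' => $name)), E_ERROR);

        return cat_category_list($message);
    }

    $parent = $parent ? $parent : 'root';

    if (safe_update('txp_category', "name = '{$name}', parent = '{$parent}', title = '{$title}'", "id = {$id}")) {
        // Re-parent only children of this type: the duplicate check above
        // keys on name and type, so the same name may exist in another type
        // and an unrestricted match would re-parent its children too.
        safe_update('txp_category', "parent = '{$name}'", "parent = '{$old_name}' and type = '{$event}'");
    }

    rebuild_tree_full($event);

    if ($event == 'article') {
        safe_update('textpattern', "Category1 = '{$name}'", "Category1 = '{$old_name}'");
        safe_update('textpattern', "Category2 = '{$name}'", "Category2 = '{$old_name}'");
    } else {
        safe_update($table_name, "category = '{$name}'", "category = '{$old_name}'");
    }

    $message = gTxt($event . '_category_updated', array('{name}' => doStrip($name)));
    cat_category_list($message);
}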
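/**
 * Saves an edited article posted from the Write tab (legacy variant).
 *
 * Authorisation is decided from the stored row, not from the form: both the
 * article's current Status and its AuthorID are read from the database, so a
 * user who only holds the ".own" edit privileges cannot take over another
 * author's article by posting their own user name in the AuthorID field.
 *
 * Side effects: updates the article row; when the article first goes live,
 * sends XML-RPC update pings and bumps the `lastmod` pref. Always finishes
 * by re-rendering the edit screen via article_edit().
 */
function article_save()
{
    global $txp_user, $vars, $txpcfg;

    extract(get_prefs());
    $incoming = psa($vars);
    $articleId = (int) $incoming['ID'];

    // Authoritative state of the article being edited. AuthorID is taken from
    // here because the posted AuthorID is client-controlled.
    $oldArticle = safe_row('Status, url_title, Title, AuthorID', 'textpattern', 'ID = ' . $articleId);

    if (!$oldArticle) {
        // Unknown article ID: nothing to save.
        article_edit();
        return;
    }

    $published = $oldArticle['Status'] >= 4;
    $own = $oldArticle['AuthorID'] == $txp_user;

    $allowed = ($published && has_privs('article.edit.published'))
        || ($published && $own && has_privs('article.edit.own.published'))
        || (!$published && has_privs('article.edit'))
        || (!$published && $own && has_privs('article.edit.own'));

    if (!$allowed) {
        // Not allowed, you silly rabbit, you shouldn't even be here.
        // Show default editing screen.
        article_edit();
        return;
    }

    include_once $txpcfg['txpath'] . '/lib/classTextile.php';
    $textile = new Textile();

    // Keep the raw title for url_title generation; Title itself may be Textiled below.
    $incoming['Title_plain'] = $incoming['Title'];

    if ($use_textile == 0 or !$incoming['textile_body']) {
        $incoming['Body_html'] = trim($incoming['Body']);
    } elseif ($use_textile == 1) {
        $incoming['Body_html'] = nl2br(trim($incoming['Body']));
    } elseif ($use_textile == 2 && $incoming['textile_body']) {
        $incoming['Body_html'] = $textile->TextileThis($incoming['Body']);
        $incoming['Title'] = $textile->TextileThis($incoming['Title'], '', 1);
    }

    if ($incoming['textile_excerpt']) {
        $incoming['Excerpt_html'] = $textile->TextileThis($incoming['Excerpt']);
    } else {
        $incoming['Excerpt_html'] = $textile->TextileThis($incoming['Excerpt'], 1);
    }

    // From here on every posted field is SQL-escaped and available as a local
    // named after its key ($Title, $Status, ...).
    extract(doSlash($incoming));

    // Status is compared numerically and stored as a number; reject non-numeric input.
    $Status = (int) $Status;

    // Only users with article.publish may make an article live.
    if (!has_privs('article.publish') && $Status >= 4) {
        $Status = 3;
    }

    if ($reset_time) {
        $whenposted = "Posted=now()";
    } else {
        // NOTE(review): strtotime() returns false for an unparsable date, which
        // turns into a negative timestamp here; the newer article_save()
        // variants validate the date parts first.
        $when = strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ":00") - tz_offset();
        $whenposted = "Posted=from_unixtime({$when})";
    }

    // These two are interpolated unquoted into SQL, so normalise them to 0/1.
    $textile_body = !$textile_body ? 0 : 1;
    $textile_excerpt = !$textile_excerpt ? 0 : 1;

    if (empty($url_title)) {
        $url_title = stripSpace($Title_plain, 1);
    } elseif ($oldArticle['Status'] < 4 && $oldArticle['url_title'] == stripSpace($oldArticle['Title'], 1)) {
        // Unpublished and never customised: keep url_title in step with the title.
        $url_title = stripSpace($Title_plain, 1);
    }

    safe_update("textpattern", "Title = '{$Title}',
        Body = '{$Body}',
        Body_html = '{$Body_html}',
        Excerpt = '{$Excerpt}',
        Excerpt_html = '{$Excerpt_html}',
        Keywords = '{$Keywords}',
        Image = '{$Image}',
        Status = '{$Status}',
        LastMod = now(),
        LastModID = '{$txp_user}',
        Section = '{$Section}',
        Category1 = '{$Category1}',
        Category2 = '{$Category2}',
        Annotate = '{$Annotate}',
        textile_body = {$textile_body},
        textile_excerpt = {$textile_excerpt},
        override_form = '{$override_form}',
        url_title = '{$url_title}',
        AnnotateInvite = '{$AnnotateInvite}',
        custom_1 = '{$custom_1}',
        custom_2 = '{$custom_2}',
        custom_3 = '{$custom_3}',
        custom_4 = '{$custom_4}',
        custom_5 = '{$custom_5}',
        custom_6 = '{$custom_6}',
        custom_7 = '{$custom_7}',
        custom_8 = '{$custom_8}',
        custom_9 = '{$custom_9}',
        custom_10 = '{$custom_10}',
        {$whenposted}", "ID = {$articleId}");

    $message = '';

    if ($Status >= 4) {
        if ($oldArticle['Status'] < 4) {
            // First publication: notify the ping services.
            include_once $txpcfg['txpath'] . '/lib/IXRClass.php';
            if ($ping_textpattern_com) {
                $tx_client = new IXR_Client('http://textpattern.com/xmlrpc/');
                $tx_client->query('ping.Textpattern', $sitename, $siteurl);
            }
            if ($ping_weblogsdotcom == 1) {
                $wl_client = new IXR_Client('http://rpc.pingomatic.com/');
                $wl_client->query('weblogUpdates.ping', $sitename, hu);
            }
        }
        safe_update("txp_prefs", "val = now()", "`name` = 'lastmod'");
        $message = gTxt("article_saved");
    } elseif ($Status == 3) {
        $message = gTxt("article_saved_pending");
    } elseif ($Status == 2) {
        $message = gTxt("article_saved_hidden");
    } elseif ($Status == 1) {
        $message = gTxt("article_saved_draft");
    }

    $message .= check_url_title($url_title);
    article_edit($message);
}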
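/**
 * Processes sent forms and updates existing articles.
 *
 * Authorisation uses the stored row only: the article's Status and AuthorID
 * are read from the database, so the posted AuthorID (client-controlled) no
 * longer decides whether the ".own" privileges apply.
 *
 * Otherwise unchanged: concurrent-edit detection via sLastMod, markup flags
 * frozen unless the user may set them, post/expiry timestamps validated
 * (falling back to the stored values plus an error message), url_title kept
 * in step with the title while unpublished and uncustomised, then a single
 * UPDATE followed by pings, lastmod and the 'article_saved' callback.
 */
function article_save()
{
    global $txp_user, $vars, $prefs;

    extract($prefs);

    $incoming = array_map('assert_string', psa($vars));

    // Authoritative copy of the article; AuthorID is taken from here, never from the form.
    $oldArticle = safe_row("Status, url_title, Title, AuthorID, textile_body, textile_excerpt,
        UNIX_TIMESTAMP(LastMod) AS sLastMod, LastModID,
        UNIX_TIMESTAMP(Posted) AS sPosted,
        UNIX_TIMESTAMP(Expires) AS sExpires", 'textpattern', "ID = " . (int) $incoming['ID']);

    if (!$oldArticle) {
        // Unknown article ID: nothing to save, show the default editing screen.
        article_edit();
        return;
    }

    $live = $oldArticle['Status'] >= STATUS_LIVE;
    $own = $oldArticle['AuthorID'] === $txp_user;

    $allowed = ($live && has_privs('article.edit.published'))
        || ($live && $own && has_privs('article.edit.own.published'))
        || (!$live && has_privs('article.edit'))
        || (!$live && $own && has_privs('article.edit.own'));

    if (!$allowed) {
        // Not allowed, you silly rabbit, you shouldn't even be here.
        // Show default editing screen.
        article_edit();
        return;
    }

    // Someone else saved since this form was loaded: refuse to overwrite.
    if ($oldArticle['sLastMod'] != $incoming['sLastMod']) {
        article_edit(array(gTxt('concurrent_edit_by', array('{author}' => txpspecialchars($oldArticle['LastModID']))), E_ERROR), true, true);
        return;
    }

    // Markup flags can only be changed by users holding article.set_markup.
    if (!has_privs('article.set_markup')) {
        $incoming['textile_body'] = $oldArticle['textile_body'];
        $incoming['textile_excerpt'] = $oldArticle['textile_excerpt'];
    }

    $incoming = textile_main_fields($incoming);

    // Every posted field becomes an SQL-escaped local named after its key.
    extract(doSlash($incoming));
    extract(array_map('assert_int', psa(array('ID', 'Status'))));

    // Comments may be on, off, or disabled.
    $Annotate = (int) $Annotate;

    if (!has_privs('article.publish') && $Status >= STATUS_LIVE) {
        $Status = STATUS_PENDING;
    }

    // Set and validate article timestamp.
    if ($reset_time) {
        $whenposted = "Posted = NOW()";
        $when_ts = time();
    } else {
        if (!is_numeric($year) || !is_numeric($month) || !is_numeric($day) || !is_numeric($hour) || !is_numeric($minute) || !is_numeric($second)) {
            $ts = false;
        } else {
            $ts = strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second);
        }

        if ($ts === false || $ts < 0) {
            // Invalid date: keep the stored one and report.
            $when = $when_ts = $oldArticle['sPosted'];
            $msg = array(gTxt('invalid_postdate'), E_ERROR);
        } else {
            $when = $when_ts = $ts - tz_offset($ts);
        }

        $whenposted = "Posted = FROM_UNIXTIME({$when})";
    }

    // Set and validate expiry timestamp.
    if (empty($exp_year)) {
        $expires = 0;
    } else {
        if (empty($exp_month)) {
            $exp_month = 1;
        }
        if (empty($exp_day)) {
            $exp_day = 1;
        }
        if (empty($exp_hour)) {
            $exp_hour = 0;
        }
        if (empty($exp_minute)) {
            $exp_minute = 0;
        }
        if (empty($exp_second)) {
            $exp_second = 0;
        }

        $ts = strtotime($exp_year . '-' . $exp_month . '-' . $exp_day . ' ' . $exp_hour . ':' . $exp_minute . ':' . $exp_second);

        if ($ts === false || $ts < 0) {
            $expires = $oldArticle['sExpires'];
            $msg = array(gTxt('invalid_expirydate'), E_ERROR);
        } else {
            $expires = $ts - tz_offset($ts);
        }
    }

    if ($expires && $expires <= $when_ts) {
        $expires = $oldArticle['sExpires'];
        $msg = array(gTxt('article_expires_before_postdate'), E_ERROR);
    }

    if ($expires) {
        $whenexpires = "Expires = FROM_UNIXTIME({$expires})";
    } else {
        $whenexpires = "Expires = " . NULLDATETIME;
    }

    // Auto-update custom-titles according to Title, as long as unpublished and
    // NOT customised.
    if (empty($url_title) || $oldArticle['Status'] < STATUS_LIVE && $oldArticle['url_title'] === $url_title && $oldArticle['url_title'] === stripSpace($oldArticle['Title'], 1) && $oldArticle['Title'] !== $Title) {
        $url_title = stripSpace($Title_plain, 1);
    }

    // Keywords: collapse runs of spaces and turn newline/tab/comma runs into single commas.
    $Keywords = doSlash(trim(preg_replace('/( ?[\\r\\n\\t,])+ ?/s', ',', preg_replace('/ +/', ' ', ps('Keywords'))), ', '));
    $user = doSlash($txp_user);
    $description = doSlash($description);

    // Custom fields: one "custom_N = '...'" clause per configured field.
    $cfq = array();
    $cfs = getCustomFields();

    foreach ($cfs as $i => $cf_name) {
        $custom_x = "custom_{$i}";
        $cfq[] = "custom_{$i} = '" . ${$custom_x} . "'";
    }

    $cfq = join(', ', $cfq);

    $rs = compact($vars);

    if (article_validate($rs, $msg)) {
        if (safe_update('textpattern', "Title = '{$Title}',
            Body = '{$Body}',
            Body_html = '{$Body_html}',
            Excerpt = '{$Excerpt}',
            Excerpt_html = '{$Excerpt_html}',
            Keywords = '{$Keywords}',
            description = '{$description}',
            Image = '{$Image}',
            Status = {$Status},
            LastMod = NOW(),
            LastModID = '{$user}',
            Section = '{$Section}',
            Category1 = '{$Category1}',
            Category2 = '{$Category2}',
            Annotate = {$Annotate},
            textile_body = '{$textile_body}',
            textile_excerpt = '{$textile_excerpt}',
            override_form = '{$override_form}',
            url_title = '{$url_title}',
            AnnotateInvite = '{$AnnotateInvite}'," . ($cfs ? $cfq . ',' : '') . "{$whenposted},
            {$whenexpires}", "ID = {$ID}")) {
            // First publication: notify ping services.
            if ($Status >= STATUS_LIVE && $oldArticle['Status'] < STATUS_LIVE) {
                do_pings();
            }

            if ($Status >= STATUS_LIVE || $oldArticle['Status'] >= STATUS_LIVE) {
                update_lastmod('article_saved', $rs);
            }

            now('posted', true);
            now('expires', true);

            callback_event('article_saved', '', false, $rs);

            if (empty($msg)) {
                $s = check_url_title($url_title);
                $msg = array(get_status_message($Status) . ' ' . $s, $s ? E_WARNING : 0);
            }
        } else {
            $msg = array(gTxt('article_save_failed'), E_ERROR);
        }
    }

    article_edit($msg, false, true);
}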
/**
 * Creates a new user row with a generated password and mails that password
 * to the supplied address; on failure shows the admin screen with an error.
 *
 * NOTE(review): the password is stored as MySQL password(lower(...)) — it is
 * case-folded before hashing and relies on the database's legacy PASSWORD()
 * scheme — and the nonce is md5(uniqid(rand(), true)), which is not a
 * cryptographically strong random source. Both match the rest of this
 * codebase (see createTxp), so changing them here alone would break login
 * compatibility; flagged rather than changed.
 */
function ign_userSaveNew()
{
    global $ign_user_db;

    extract(doSlash(psa(array('privs', 'name', 'email', 'RealName'))));

    $generated = ign_generatePassword(8);
    $nonce = md5(uniqid(rand(), true));
    $inserted = false;

    // An empty user name is never inserted.
    if ($name) {
        $assignments = array(
            "privs = '{$privs}'",
            "name = '{$name}'",
            "email = '{$email}'",
            "RealName = '{$RealName}'",
            "pass = password(lower('{$generated}'))",
            "nonce = '{$nonce}'",
        );
        $inserted = safe_insert($ign_user_db, join(",\n", $assignments));
    }

    if ($inserted) {
        ign_send_password($generated, $email);
        ign_admin(gTxt('password_sent_to') . sp . $email);
    } else {
        ign_admin(ign_gTxt('error_adding_new_user'));
    }
}
/**
 * Saves an edited section, either as a full page reload or (async app mode)
 * as a JavaScript response that replaces the section's form partial.
 *
 * Escaping: page/css/old_name are SQL-escaped on extraction; name and title
 * are extracted raw, passed through sanitizeForUrl()/Textile respectively,
 * and only then SQL-escaped. The four flag columns are forced to int with
 * assert_int() because they are interpolated unquoted. The 'default' section
 * only allows its page and css to change.
 */
function section_save()
{
    global $txpcfg, $app_mode;

    extract(doSlash(psa(array('page', 'css', 'old_name'))));
    extract(psa(array('name', 'title')));

    $prequel = '';
    $sequel = '';

    if (empty($title)) {
        $title = $name;
    }

    // Prevent non url chars on section names
    include_once txpath . '/lib/classTextile.php';
    $textile = new Textile();
    $title = doSlash($textile->TextileThis($title, 1));
    $name = doSlash(sanitizeForUrl($name));

    // A rename must not collide with an existing section name.
    if ($old_name && strtolower($name) != strtolower($old_name)) {
        if (safe_field('name', 'txp_section', "name='{$name}'")) {
            $message = array(gTxt('section_name_already_exists', array('{name}' => $name)), E_ERROR);

            if ($app_mode == 'async') {
                // TODO: Better/themeable popup
                // NOTE(review): unlike the sync branch below, this branch does not
                // return. Unless send_script_response() terminates the request, the
                // rename proceeds despite the clash — confirm and add a return.
                send_script_response('window.alert("' . escape_js(strip_tags(gTxt('section_name_already_exists', array('{name}' => $name)))) . '")');
            } else {
                sec_section_list($message);
                return;
            }
        }
    }

    if ($name == 'default') {
        safe_update('txp_section', "page = '{$page}', css = '{$css}'", "name = 'default'");
        update_lastmod();
    } else {
        // Flags are interpolated unquoted below, so they must be integers.
        extract(array_map('assert_int', psa(array('is_default', 'on_frontpage', 'in_rss', 'searchable'))));

        // note this means 'selected by default' not 'default page'
        if ($is_default) {
            safe_update("txp_section", "is_default = 0", "name != '{$old_name}'");

            // switch off $is_default for all sections in async app_mode
            if ($app_mode == 'async') {
                $prequel = '$("input[name=\\"is_default\\"][value=\\"1\\"]").attr("checked", false);' . '$("input[name=\\"is_default\\"][value=\\"0\\"]").attr("checked", true);';
            }
        }

        safe_update('txp_section', "\n\t\t\t\tname = '{$name}',\n\t\t\t\ttitle = '{$title}',\n\t\t\t\tpage = '{$page}',\n\t\t\t\tcss = '{$css}',\n\t\t\t\tis_default = {$is_default},\n\t\t\t\ton_frontpage = {$on_frontpage},\n\t\t\t\tin_rss = {$in_rss},\n\t\t\t\tsearchable = {$searchable}\n\t\t\t", "name = '{$old_name}'");

        // Articles reference sections by name, so follow the rename.
        safe_update('textpattern', "Section = '{$name}'", "Section = '{$old_name}'");
        update_lastmod();
    }

    $message = gTxt('section_updated', array('{name}' => $name));

    if ($app_mode == 'async') {
        // Caveat: Use unslashed params for DTO
        $s = psa(array('name', 'title', 'page', 'css')) + compact('is_default', 'on_frontpage', 'in_rss', 'searchable');
        $s = section_detail_partial($s);
        // $name is the sanitised, slashed value and is placed into a jQuery selector;
        // the rendered partial itself is JS-escaped.
        send_script_response($prequel . '$("#section-form-' . $name . '").replaceWith("' . escape_js($s) . '");' . $sequel);
    } else {
        sec_section_list($message);
    }
}
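/**
 * Saves an edited article (intermediate variant with expiry support).
 *
 * Authorisation is decided from the stored row, not from the form: the
 * article's Status and AuthorID are read from the database, so a user who
 * only holds the ".own" edit privileges cannot edit another author's article
 * by posting their own user name in the AuthorID field.
 *
 * Also escapes the editor's user name before interpolating it into
 * LastModID, matching the newer article_save() variant. Everything else is
 * unchanged: concurrent-edit detection, status demotion for users without
 * article.publish, post/expiry timestamps, url_title auto-update, one UPDATE,
 * then pings/lastmod and the edit screen.
 */
function article_save()
{
    global $txp_user, $vars, $txpcfg, $prefs;

    extract($prefs);
    $incoming = psa($vars);

    // Authoritative copy of the article; AuthorID is taken from here, never from the form.
    $oldArticle = safe_row('Status, url_title, Title, AuthorID, unix_timestamp(LastMod) as sLastMod, LastModID', 'textpattern', 'ID = ' . (int) $incoming['ID']);

    if (!$oldArticle) {
        // Unknown article ID: nothing to save.
        article_edit();
        return;
    }

    $published = $oldArticle['Status'] >= 4;
    $own = $oldArticle['AuthorID'] == $txp_user;

    $allowed = ($published && has_privs('article.edit.published'))
        || ($published && $own && has_privs('article.edit.own.published'))
        || (!$published && has_privs('article.edit'))
        || (!$published && $own && has_privs('article.edit.own'));

    if (!$allowed) {
        // Not allowed, you silly rabbit, you shouldn't even be here.
        // Show default editing screen.
        article_edit();
        return;
    }

    // Someone else saved since this form was loaded: refuse to overwrite.
    if ($oldArticle['sLastMod'] != $incoming['sLastMod']) {
        article_edit(gTxt('concurrent_edit_by', array('{author}' => htmlspecialchars($oldArticle['LastModID']))), TRUE);
        return;
    }

    $incoming = textile_main_fields($incoming, $use_textile);

    // Every posted field becomes an SQL-escaped local named after its key;
    // the four numeric ones are re-read as asserted integers because they are
    // interpolated unquoted.
    extract(doSlash($incoming));
    extract(array_map('assert_int', psa(array('ID', 'Status', 'textile_body', 'textile_excerpt'))));
    $Annotate = (int) $Annotate;

    if (!has_privs('article.publish') && $Status >= 4) {
        $Status = 3;
    }

    if ($reset_time) {
        $whenposted = "Posted=now()";
        $when_ts = time();
    } else {
        // NOTE(review): strtotime() returns false for an unparsable date, which
        // becomes a negative timestamp here; the newer variant validates first.
        $when = $when_ts = strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second) - tz_offset();
        $whenposted = "Posted=from_unixtime({$when})";
    }

    if (empty($exp_year)) {
        $expires = 0;
        $whenexpires = "Expires=" . NULLDATETIME;
    } else {
        if (empty($exp_month)) {
            $exp_month = 1;
        }
        if (empty($exp_day)) {
            $exp_day = 1;
        }
        if (empty($exp_hour)) {
            $exp_hour = 0;
        }
        if (empty($exp_minute)) {
            $exp_minute = 0;
        }
        if (empty($exp_second)) {
            $exp_second = 0;
        }
        $expires = strtotime($exp_year . '-' . $exp_month . '-' . $exp_day . ' ' . $exp_hour . ':' . $exp_minute . ':' . $exp_second) - tz_offset();
        $whenexpires = "Expires=from_unixtime({$expires})";
    }

    if ($expires && $expires <= $when_ts) {
        article_edit(gTxt('article_expires_before_postdate'));
        return;
    }

    // Auto-Update custom-titles according to Title, as long as unpublished and NOT customized
    if (empty($url_title) || $oldArticle['Status'] < 4 && $oldArticle['url_title'] == $url_title && $oldArticle['url_title'] == stripSpace($oldArticle['Title'], 1) && $oldArticle['Title'] != $Title) {
        $url_title = stripSpace($Title_plain, 1);
    }

    // Keywords: collapse runs of spaces and turn newline/tab/comma runs into single commas.
    $Keywords = doSlash(trim(preg_replace('/( ?[\\r\\n\\t,])+ ?/s', ',', preg_replace('/ +/', ' ', ps('Keywords'))), ', '));
    $user = doSlash($txp_user);

    safe_update("textpattern", "Title = '{$Title}',
        Body = '{$Body}',
        Body_html = '{$Body_html}',
        Excerpt = '{$Excerpt}',
        Excerpt_html = '{$Excerpt_html}',
        Keywords = '{$Keywords}',
        Image = '{$Image}',
        Status = {$Status},
        LastMod = now(),
        LastModID = '{$user}',
        Section = '{$Section}',
        Category1 = '{$Category1}',
        Category2 = '{$Category2}',
        Annotate = {$Annotate},
        textile_body = {$textile_body},
        textile_excerpt = {$textile_excerpt},
        override_form = '{$override_form}',
        url_title = '{$url_title}',
        AnnotateInvite = '{$AnnotateInvite}',
        custom_1 = '{$custom_1}',
        custom_2 = '{$custom_2}',
        custom_3 = '{$custom_3}',
        custom_4 = '{$custom_4}',
        custom_5 = '{$custom_5}',
        custom_6 = '{$custom_6}',
        custom_7 = '{$custom_7}',
        custom_8 = '{$custom_8}',
        custom_9 = '{$custom_9}',
        custom_10 = '{$custom_10}',
        {$whenposted},
        {$whenexpires}", "ID = {$ID}");

    if ($Status >= 4) {
        // First publication: notify ping services.
        if ($oldArticle['Status'] < 4) {
            do_pings();
        }
        update_lastmod();
    }

    article_edit(get_status_message($Status) . check_url_title($url_title));
}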
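/**
 * Stores a visitor comment on an article and redirects back to the page it
 * was posted from.
 *
 * Check order (unchanged): comments open on the parent article, required
 * fields, site ban, blacklist, duplicate, nonce. Rejections exit() with a
 * short message; a duplicate or a bad nonce silently stores nothing.
 *
 * Untrusted input: $parentid is forced to an integer because it is
 * interpolated into SQL; name/email/web are bracket-decoded, tag-stripped
 * and SQL-escaped; the message goes through markup_comment() and is then
 * SQL-escaped. $ip is REMOTE_ADDR.
 */
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;

    $in = psa(array('parentid', 'name', 'email', 'web', 'message', 'backpage', 'nonce', 'remember'));
    extract($in);

    // Article IDs are integers. The raw string used to reach the INSERT below
    // without escaping; never interpolate it as posted.
    $parentid = (int) $parentid;

    if (!checkCommentsAllowed($parentid)) {
        exit(graf(gTxt('comments_closed')));
    }

    if ($prefs['comments_require_name']) {
        if (!trim($name)) {
            exit(graf(gTxt('comment_name_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
        }
    }

    if ($prefs['comments_require_email']) {
        if (!trim($email)) {
            exit(graf(gTxt('comment_email_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
        }
    }

    if (!trim($message)) {
        exit(graf(gTxt('comment_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
    }

    $ip = serverset('REMOTE_ADDR');
    $message = trim($message);
    $blacklisted = is_blacklisted($ip);

    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(clean_url(strip_tags(deEntBrackets($web))));
    $email = doSlash(clean_url(strip_tags(deEntBrackets($email))));
    $message2db = doSlash(markup_comment($message));

    $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='{$ip}'");

    if (!checkBan($ip)) {
        exit(gTxt('you_have_been_banned'));
    }

    if ($blacklisted) {
        exit(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted));
    }

    // Duplicate submission or replayed/forged form: nothing is stored.
    if ($isdup || !checkNonce($nonce)) {
        return;
    }

    $visible = $comments_moderate ? 0 : 1;

    $rs = safe_insert("txp_discuss", "parentid = '{$parentid}',
        name = '{$name}',
        email = '{$email}',
        web = '{$web}',
        ip = '{$ip}',
        message = '{$message2db}',
        visible = {$visible},
        posted = now()");

    if (!$rs) {
        return;
    }

    // Burn the nonce so the same form cannot be submitted twice.
    safe_update("txp_discuss_nonce", "used='1'", "nonce='" . doSlash($nonce) . "'");

    if ($prefs['comment_means_site_updated']) {
        safe_update("txp_prefs", "val=now()", "name='lastmod'");
    }

    if ($comments_sendmail) {
        mail_comment($message, $name, $email, $web, $parentid);
    }

    update_comments_count($parentid);

    ob_start();

    // Redirect target: truncated to the configured maximum, then cut at the
    // first CR/LF or '#' so nothing can be smuggled into the header line.
    $backpage = substr($backpage, 0, $prefs['max_url_len']);
    $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
    $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=1';

    // NOTE(review): $backpage is still a visitor-supplied URL with no host
    // check, so this is an open redirect to any absolute URL. Restricting it
    // to the site's own host (or to relative paths) is recommended; not
    // changed here because the canonical site URL format is not visible in
    // this function.
    if ($comments_moderate) {
        header('Location: ' . $backpage . '#txpCommentInputForm');
    } else {
        header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
    }
}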
/**
 * Final installer step: creates the first user row and seeds a few prefs.
 *
 * Reads lang/email/siteurl/name/pass/RealName from the POST, validates only
 * the e-mail address, loads config.php, runs the schema script (txpsql.php)
 * and then inserts the user. Output is whatever fbCreate() renders.
 *
 * NOTE(review): name and pass are not checked for emptiness. The password is
 * stored as MySQL password(lower(...)) — case-folded before hashing and
 * dependent on the database's legacy PASSWORD() scheme — and the nonce is
 * md5(uniqid(rand(), true)), which is not a cryptographically strong source.
 * Both match the rest of this codebase (see ign_userSaveNew), so they are
 * flagged rather than changed. None of the mysql_query() results are checked.
 */
function createTxp()
{
    $GLOBALS['textarray'] = setup_load_lang(ps('lang'));

    if (!is_valid_email(ps('email'))) {
        exit(graf(gTxt('email_required')));
    }

    require txpath . '/config.php';

    $ddb = $txpcfg['db'];
    $duser = $txpcfg['user'];
    $dpass = $txpcfg['pass'];
    $dhost = $txpcfg['host'];
    $dprefix = $txpcfg['table_prefix'];
    $dbcharset = $txpcfg['dbcharset'];

    // Stored without scheme or trailing slash.
    $siteurl = str_replace("http://", '', ps('siteurl'));
    $siteurl = rtrim($siteurl, "/");

    define("PFX", trim($dprefix));
    define('TXP_INSTALL', 1);

    include_once txpath . '/lib/txplib_update.php';
    include txpath . '/setup/txpsql.php';

    // This has to come after txpsql.php, because otherwise we can't call mysql_real_escape_string
    extract(doSlash(psa(array('name', 'pass', 'RealName', 'email'))));

    $nonce = md5(uniqid(rand(), true));

    mysql_query("INSERT INTO `" . PFX . "txp_users` VALUES\n\t\t\t(1,'{$name}',password(lower('{$pass}')),'{$RealName}','{$email}',1,now(),'{$nonce}')");

    mysql_query("update `" . PFX . "txp_prefs` set val = '" . doSlash($siteurl) . "' where `name`='siteurl'");
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . LANG . "' where `name`='language'");
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . getlocale(LANG) . "' where `name`='locale'");

    echo fbCreate();
}
/**
 * Applies one bulk action to the selected sections.
 *
 * 'delete' is delegated to section_delete(). For every other action the
 * column to change is fixed by the action name, never by user input, and the
 * new value is either allow-listed (page/style names must exist in
 * $all_pages/$all_styles, strict comparison) or cast to int (flags), then
 * SQL-escaped. The selected names are looked up first so only sections that
 * exist are touched, and the list is shown again afterwards.
 */
function section_multi_edit()
{
    global $txp_user, $all_pages, $all_styles;

    extract(psa(array('edit_method', 'selected')));

    if (!$selected || !is_array($selected)) {
        return sec_section_list();
    }

    if ($edit_method == 'delete') {
        return section_delete();
    }

    $column = '';
    $value = '';

    if ($edit_method == 'changepage') {
        $value = ps('uses_page');
        if (in_array($value, $all_pages, true)) {
            $column = 'page';
        }
    } elseif ($edit_method == 'changecss') {
        $value = ps('css');
        if (in_array($value, $all_styles, true)) {
            $column = 'css';
        }
    } else {
        // Boolean flags: the action maps to a fixed column whose posted value
        // shares the column's name and is coerced to an integer.
        $flagColumns = array(
            'changeonfrontpage' => 'on_frontpage',
            'changesyndicate' => 'in_rss',
            'changesearchable' => 'searchable',
        );
        if (isset($flagColumns[$edit_method])) {
            $column = $flagColumns[$edit_method];
            $value = (int) ps($column);
        }
    }

    $names = safe_column('name', 'txp_section', "name in (" . join(',', quote_list($selected)) . ")");

    if ($column && $names) {
        $done = safe_update('txp_section', "{$column} = '" . doSlash($value) . "'", "name in (" . join(',', quote_list($names)) . ")");
        if ($done) {
            sec_section_list(gTxt('section_updated', array('{name}' => join(', ', $names))));
            return;
        }
    }

    sec_section_list();
}